begin quoting m ike as of Wed, May 18, 2005 at 02:52:51PM -0700:
> > How do you offer 'em up?
>
> I guess by making them vulnerable in the same way valid addresses are
> vulnerable.

Remember that you don't want to offer anything up that could be confused
with a "real" address, otherwise valid email from strangers trying to
reach you would result in a false match... If that's acceptable, the
easier solution is to simply go to whitelists, and be done with it.

> And I guess that there are people who have studied the approaches that
> spammers take to get addresses.

Web-pages, usenet, compromised boxes, and purchased lists.

> > "Honeypot" is the name of the generic concept.
[snip]
> ... but
> I thought that a honeypot was an intentionally weak spot in a security system,

I think of a honeypot as something so sweet and tasty so as to get the
target to do something unwise.

> whereas the spam tactic is more a needle-in-the-haystack approach, where
> one intentionally pollutes namespace so that the valid addresses become
> needles and the spammer has to spam the entire haystack in order to reach
> the needle.

Set the haystack on fire. Sift the ashes.

Finding a needle in a haystack is no problem if you're willing to engage
in a little destructive behavior; and spammers aren't afraid of matches.

> > How do you choose to ignore the spammers?
> > Filter on the sender's email address?
> > Block the IP of the sender?
>
> If similar content is received at fictitious addresses, then it
> is spam.

So content-based matching? Is the whole message kept, or just a checksum
of some sort? (If the latter, only exact matches apply, and spammers have
already figured out how to make spam "unique" for each user.)

> > I like the idea of greylisting
> >
> I'm not sure what greylisting is

SMTP has the concept of a "temporary" error -- basically, "I can't take
this email right now, try back in a couple of hours."

So greylisting uses this. When someone sends you an email, your mail
server takes note of who you claim to be, what your IP is, and who you
are sending to... and then has a 'temporary error', and logs that
information along with a timestamp. Subsequent connections are checked
against this data, and once a certain amount of time has elapsed (say,
four hours), email is allowed through, otherwise, there's a temporary
failure again.

Real email gets through -- although, with a four-hour delay the first
time -- so once you have a relationship with someone, there's no problem.
Strangers who are legitimately trying to contact you can still do so.

Spammers often use tools that send in a fire-and-forget manner -- so they
won't try back (no spam!) or they'll stay online long enough to be listed
in an RBL (no spam!).

-Stewart "In concept, it's brilliant, simple, and elegant." Stremler
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
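
The greylisting check described in the message above, as an added example that is not part of the original post or of any particular mail server. The four-hour delay comes from the post; the retry window, the reply strings, and the sample addresses and IPs are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DELAY = 4 * 3600          # minimum wait before a retry is accepted (the post's "say, four hours")
RETRY_WINDOW = 48 * 3600  # assumption: forget triplets never retried within two days
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"  # SMTP temporary error
ACCEPT = "250 2.0.0 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that already waited out DELAY

    @staticmethod
    def _key(mail_from, client_ip, rcpt_to):
        # The sender is only a claimed identity; compare addresses case-insensitively.
        return (mail_from.strip().lower(), client_ip, rcpt_to.strip().lower())

    def check(self, mail_from, client_ip, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = self._key(mail_from, client_ip, rcpt_to)
        if key in self.passed:
            return ACCEPT                    # established relationship: no delay
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now       # first contact (or stale entry): log and defer
            return TEMPFAIL
        if now - seen < DELAY:
            return TEMPFAIL                  # retried too soon: defer again
        self.passed.add(key)
        del self.first_seen[key]
        return ACCEPT


def replay(attempts):
    """Run constructed (time, sender, ip, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(s, ip, r, t)[:3] for t, s, ip, r in attempts]


# Constructed sample traffic (documentation addresses and IPs, not real data).
SAMPLE = [
    (0,        "alice@example.org", "192.0.2.10",  "me@example.net"),  # first contact
    (600,      "promo@example.com", "203.0.113.7", "me@example.net"),  # fire-and-forget, never retries
    (1800,     "alice@example.org", "192.0.2.10",  "me@example.net"),  # retry after 30 minutes
    (4 * 3600, "alice@example.org", "192.0.2.10",  "me@example.net"),  # retry after four hours
    (5 * 3600, "Alice@Example.org", "192.0.2.10",  "me@example.net"),  # later mail, same triplet
]
```

Calling replay(SAMPLE) shows the legitimate sender deferred twice and then accepted, while the sender that never retries is never accepted.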
